This commit is contained in:
2
.vscode/launch.json
vendored
2
.vscode/launch.json
vendored
@@ -53,7 +53,7 @@
|
||||
"AYANOVA_FOLDER_USER_FILES": "c:\\temp\\RavenTestData\\userfiles",
|
||||
"AYANOVA_FOLDER_BACKUP_FILES": "c:\\temp\\RavenTestData\\backupfiles",
|
||||
"AYANOVA_FOLDER_TEMPORARY_SERVER_FILES": "c:\\temp\\RavenTestData\\tempfiles",
|
||||
"AYANOVA_SERVER_TEST_MODE": "true",
|
||||
"AYANOVA_SERVER_TEST_MODE": "false",
|
||||
"AYANOVA_SERVER_TEST_MODE_SEEDLEVEL": "small",
|
||||
"AYANOVA_SERVER_TEST_MODE_TZ_OFFSET": "-7",
|
||||
"AYANOVA_BACKUP_PG_DUMP_PATH": "C:\\data\\code\\postgres_13\\bin\\"
|
||||
|
||||
@@ -194,6 +194,18 @@ namespace AyaNova.Api.Controllers
|
||||
}
|
||||
|
||||
|
||||
//TWO FACTOR ENABLED??
|
||||
//if 2fa enabled then need to validate it before sending token, so we're halfway there and need to send a 2fa prompt
|
||||
if (u.TwoFactorEnabled)
|
||||
{
|
||||
|
||||
return Ok(ApiOkResponse.Response(new
|
||||
{
|
||||
tfa = true
|
||||
}));
|
||||
}
|
||||
|
||||
|
||||
//build the key (JWT set in startup.cs)
|
||||
byte[] secretKey = System.Text.Encoding.ASCII.GetBytes(ServerBootConfig.AYANOVA_JWT_SECRET);
|
||||
|
||||
@@ -450,12 +462,10 @@ namespace AyaNova.Api.Controllers
|
||||
if (u == null)//should never happen but ?
|
||||
return StatusCode(403, new ApiNotAuthorizedResponse());
|
||||
|
||||
//if user already has a secret set then this is not valid, must be re-requested first
|
||||
//this is to stop someone from messing up someone's login accidentally or maliciously by simply hitting the route logged in as them
|
||||
if (!string.IsNullOrWhiteSpace(u.TotpSecret) || u.TwoFactorEnabled)
|
||||
if (u.TwoFactorEnabled)
|
||||
return BadRequest(new ApiErrorResponse(ApiErrorCode.INVALID_OPERATION, "generalerror", "2fa already enabled"));
|
||||
|
||||
|
||||
var tfa = new TwoFactorAuth("AyaNova");
|
||||
u.TotpSecret = tfa.CreateSecret(160);
|
||||
await ct.SaveChangesAsync();
|
||||
|
||||
Reference in New Issue
Block a user